HTML5 WebRTC – Local IP discovery

What is WebRTC?

WebRTC is a free, open project that gives web browsers Real-Time Communications (RTC) capabilities via simple JavaScript APIs. The WebRTC components have been optimized to best serve this purpose.

The idea is to enable rich, high-quality RTC applications to be developed in the browser via simple JavaScript APIs and HTML5.

Security Issue

HTML5 WebRTC makes it possible to track a person by their local IP address. It also allows for the discovery of every host on the local network.

This is obviously a huge privacy issue, and ‘Einar’ states this feature can at least make local exploitation easier for an attacker.

Also, HTML and JavaScript are executed by the browser in a “sandbox” designed to be isolated from the rest of the computer. However, bugs may exist. The WebRTC API needs to access physical devices that provide real-time media information (and files):

Web pages gaining access to the user's camera and microphone without permission.

Users potentially being recorded by JavaScript code downloaded from a malicious web server.

The script on this page will attempt to find your local IP addresses, using HTML5 WebRTC, and then use that info to probe for other live hosts on your LAN(s).

It can be used as a fingerprinting technique.

Also, if a rogue script can exploit an XSS vulnerability, in a lot of cases the user has likely not set a password on the router’s LAN admin interface. The script can then run through a short list of guesses, get lucky, and poke a hole in the user’s firewall from the inside.

This vulnerability exists independently of WebRTC. WebRTC just makes it easier to scope out more unusual LAN setups, such as the article’s example involving a 10.0.0.0/8 network.

Bottom line: use passwords on your LAN even if it’s just you and two or three computers. And, for good measure, pick an unusual subnet out of the 10.0.0.0/8 net.